lazytrivy

lazytrivy is a wrapper for Trivy that allows you to run Trivy without remembering the command arguments.

The idea was very heavily inspired by Jesse Duffield's superb tools (lazydocker, lazynpm, lazygit).

Features

What does it do

lazytrivy runs Trivy in a Docker container and displays the results in a terminal UI; the intention is that this makes it more stable across all platforms.

When running a filesystem scan, lazytrivy mounts the target directory in the container and runs Trivy against it.

Trivy intermittently downloads the latest vulnerability DB. lazytrivy maintains a cache, but if you experience a delay when scanning an image or filesystem, it is likely that Trivy is running a download.

If you're interested in seeing what's happening behind the scenes in Docker, I'd thoroughly recommend using LazyDocker.

Installation

Prerequisites

In order for lazytrivy to be cross-platform, it uses the Trivy docker image. This means that you will need to have Docker running on your machine for lazytrivy to work.

Install with Go

If you have Go installed, the quickest way to install is to get the latest version with go install:

go install github.com/owenrumney/lazytrivy@latest

Download from Releases

Alternatively, you can get the latest releases from GitHub

Config

A config file can be added to ~/.config/lazytrivy/config.yml to set default options.

vulnerability:
  ignoreunfixed: false
filesystem:
  scansecrets: true
  scanmisconfiguration: true
  scanvulnerabilities: true
cachedirectory: ~/.cache
debug: true
trace: false

Config via UI

Settings can be adjusted via the UI by pressing the , key at any time.


By setting debug to true, additional logs will be generated in /tmp/lazytrivy.log

Usage

lazytrivy is super easy to use, just run it with the following command:

lazytrivy --help

Usage:
  lazytrivy [command]

Available Commands:
  filesystem  Launch lazytrivy in filesystem scanning mode
  help        Help about any command
  image       Launch lazytrivy in image scanning mode

Flags:
      --debug                Launch with debug logging
      --docker-host string   Docker host to connect to (default "unix:///var/run/docker.sock")
  -h, --help                 help for lazytrivy
      --trace                Launch with trace logging

Use "lazytrivy [command] --help" for more information about a command.

Viewing logs

Logs are generated in $HOME/.lazytrivy/logs/lazytrivy.log with the default level at info. You can change the log level by setting the --debug flag.

To get even more information (more than you need), you can set the --trace flag. This generates a lot of logs, most of them tracking the position of the cursor, Docker events and so on, so use it with care.

Setting the docker host

By default, lazytrivy will connect to the docker daemon on the local machine by looking at the current context.

The default docker host is unix:///var/run/docker.sock. If you are running Docker on a remote host, you can set the docker host with the --docker-host flag.

Starting in a specific mode

You can start lazytrivy in a specific mode using the image or filesystem command.

For example, to scan a specific filesystem folder, you could run:

lazytrivy fs --path /home/owen/code/github/owenrumney/example

This will start in filesystem mode pointing to the specified path. If no path is provided, it will point to the current working directory.

Running with Podman

lazytrivy will work with podman in non-root mode. You do, however, need to be careful to either start podman in a different terminal from lazytrivy or redirect the podman output to /dev/null, otherwise its output interferes with the terminal UI.

For example, you can start podman with

podman system service -t 3600 unix:///tmp/podman-run-1000/podman/podman.sock 2>/dev/null &

then start lazytrivy with

lazytrivy --docker-host unix:///tmp/podman-run-1000/podman/podman.sock image

Scanning all local images

Pressing a will scan all the images shown in the left-hand pane. On completion, you will be shown a summary of any vulnerabilities found.

You can then scan individual images to get more details.

Scanning a specific image

Select an image from the left-hand pane and press s to scan it. Use the left and right arrow keys to switch between views and the up and down arrow keys to select an image.

Press s to scan the currently selected image.

Scanning a remote image

To scan an image that is not already locally on the machine, you can use the r key to scan a remote image.


Scanning a filesystem

To scan a filesystem, press the w key to switch to Filesystem mode. From there you will get all the vulnerabilities, misconfigurations and secrets found in the current working directory.


lazytrivy's Issues

Problem when using podman

Describe the bug
Hi, firstly this looks like it will be a great tool, so thanks for creating it. Secondly, this might not necessarily be a bug, because I am likely trying something that might not be expected to work - but it would be great if it did, or if you can explain why it doesn't please? In the prerequisites, it states:

Prerequisites

In order for lazytrivy to be cross-platform, it uses the Trivy docker image. This means that you will need to have Docker running on your machine for lazytrivy to work.

I use Podman instead of Docker, which from use in the past I know works fine with Trivy itself. I therefore wanted to try lazytrivy with podman. I've tried it as both non-root and root user on my Linux instance and both have had problems.

With non-root podman I get an error and cannot view the "image" UI. When running as root, the UI appears, but the output gets "mashed up".

To Reproduce
Steps to reproduce the behavior:

Non-root:

$ mkdir -p /tmp/podman-run-1000/podman
$ podman system service -t 3600 unix:///tmp/podman-run-1000/podman/podman.sock &
$ export DOCKER_HOST=unix:///tmp/podman-run-1000/podman/podman.sock
[1] 5080
$ lazytrivy --docker-host $DOCKER_HOST image
panic: runtime error: index out of range [0] with length 0

goroutine 1 [running]:
github.com/owenrumney/lazytrivy/pkg/dockerClient.(*Client).ListImages(0xc0004640f0)
        /home/runner/work/lazytrivy/lazytrivy/pkg/dockerClient/images.go:29 +0x53e
github.com/owenrumney/lazytrivy/pkg/controllers/vulnerabilities.(*Controller).RefreshImages(0xc000394680)
        /home/runner/work/lazytrivy/lazytrivy/pkg/controllers/vulnerabilities/image.go:130 +0x85
github.com/owenrumney/lazytrivy/pkg/controllers/vulnerabilities.(*Controller).Initialise.func1(0xc0004620f0)
        /home/runner/work/lazytrivy/lazytrivy/pkg/controllers/vulnerabilities/vulnerability.go:39 +0x48
github.com/awesome-gocui/gocui.(*Gui).consumeevents(0xc0004620f0)
        /home/runner/go/pkg/mod/github.com/awesome-gocui/[email protected]/gui.go:540 +0x14b
github.com/awesome-gocui/gocui.(*Gui).MainLoop(0xc0004620f0)
        /home/runner/go/pkg/mod/github.com/awesome-gocui/[email protected]/gui.go:515 +0x247
github.com/owenrumney/lazytrivy/pkg/controllers/gui.(*Controller).Run(0xc000464140)
        /home/runner/work/lazytrivy/lazytrivy/pkg/controllers/gui/gui.go:90 +0x2c
github.com/owenrumney/lazytrivy/internal/cmd.startGUI({0xc1201c, 0xf})
        /home/runner/work/lazytrivy/lazytrivy/internal/cmd/start.go:61 +0x1dc
github.com/owenrumney/lazytrivy/internal/cmd.glob..func1(0x11adb20?, {0xc0ae41?, 0x2?, 0x2?})
        /home/runner/work/lazytrivy/lazytrivy/internal/cmd/root.go:12 +0x25
github.com/spf13/cobra.(*Command).execute(0x11adb20, {0xc0004161c0, 0x2, 0x2})
        /home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:872 +0x694
github.com/spf13/cobra.(*Command).ExecuteC(0xc00041a000)
        /home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:990 +0x3b4
github.com/spf13/cobra.(*Command).Execute(...)
        /home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:918
main.main()
        /home/runner/work/lazytrivy/lazytrivy/main.go:21 +0xf8

root:

$ sudo -i
mkdir -p /run/podman
podman system service -t 3600 unix:///run/podman/podman.sock &
[1] 4728
export DOCKER_HOST=unix:///run/podman/podman.sock
lazytrivy --docker-host $DOCKER_HOST image


then run scan:


Expected behavior
I would expect the image scan to complete and be displayed as per the lazytrivy readme images.

Screenshots
(See above)

Desktop (please complete the following information):

  • OS: Ubuntu 22.04 running on WSL2 on Windows 11

Additional:

$ podman version
Version:      3.4.4
API Version:  3.4.4
Go Version:   go1.17.3
Built:        Thu Jan  1 01:00:00 1970
OS/Arch:      linux/amd64
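The panic in this report indexes element 0 of an empty slice while listing images; one way an image listing ends up with no tags is an untagged image (podman shows these as <none>, as in the image list in the next issue), though whether that is the cause here is an assumption. The following is an added Go example, not lazytrivy's code, of a listing helper that falls back to the image ID instead of reading RepoTags[0] unchecked; ImageSummary is a stand-in struct for the engine's image-list record and the IDs are constructed.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// ImageSummary is a minimal stand-in for the fields a container engine's
// image-list API returns (assumption for this example, not the Docker SDK type).
type ImageSummary struct {
	ID       string   // "sha256:<digest>"
	RepoTags []string // empty or nil for untagged images
}

// DisplayName returns a label for an image without ever panicking.
// Reading RepoTags[0] without a length check fails with
// "index out of range [0] with length 0" when the slice is empty.
// Older engine API versions report untagged images as "<none>:<none>"
// instead of an empty slice, so both shapes are handled.
func DisplayName(img ImageSummary) string {
	if len(img.RepoTags) == 0 || img.RepoTags[0] == "<none>:<none>" {
		id := strings.TrimPrefix(img.ID, "sha256:")
		if len(id) > 12 {
			id = id[:12] // short ID, as the CLI shows it
		}
		return "<none>@" + id
	}
	return img.RepoTags[0]
}

// ListNames builds the sorted list of names for the image pane; untagged
// images are kept and labelled by ID rather than dropped or crashing the UI.
func ListNames(images []ImageSummary) []string {
	names := make([]string, 0, len(images))
	for _, img := range images {
		names = append(names, DisplayName(img))
	}
	sort.Strings(names)
	return names
}

func main() {
	// Constructed sample: one tagged image and one untagged image.
	sample := []ImageSummary{
		{ID: "sha256:d7d3d98c851f0000", RepoTags: []string{"docker.io/library/alpine:3.16.1"}},
		{ID: "sha256:feb5d9fea6a50000", RepoTags: nil},
	}
	for _, n := range ListNames(sample) {
		fmt.Println(n)
	}
}
```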

feat: Support Trivy K8s scanning

Is your feature request related to a problem? Please describe.
Only in that I can use trivy CLI to perform a K8s scan, but can't with lazytrivy.

Describe the solution you'd like
I'd like to be able to perform the functionality described here and use trivy k8s...

Describe alternatives you've considered
N/A

Additional context
Add any other context or screenshots about the feature request here.

stop using the cache json directly

AWS scanning is using the cache files rather than letting Trivy do the work. This isn't going to work when we switch to caching state rather than results, so we need to stop using cache files and start using Trivy scan results.

Error scanning image

Describe the bug
I have the following images in my local podman repo:

$ podman image ls
REPOSITORY                       TAG         IMAGE ID      CREATED         SIZE
uk.icr.io/sbu-pipeline/wgettest  1           0926b4e74fcb  17 minutes ago  120 MB
uk.icr.io/sbu-pipeline/wgettest  1a          e947a3dfe6b6  17 minutes ago  119 MB
docker.io/library/hello-world    latest      6b7c43821c88  15 hours ago    128 MB
docker.io/aquasec/trivy          latest      a99a781eca1f  6 days ago      206 MB
docker.io/library/ubuntu         20.04       a0ce5a295b63  3 weeks ago     75.2 MB
docker.io/library/alpine         3.16.1      d7d3d98c851f  2 months ago    5.82 MB
<none>                           <none>      feb5d9fea6a5  12 months ago   19.9 kB

I use lazytrivy, with a podman socket:

mkdir -p /tmp/podman-run-1000/podman
podman system service -t 3600 unix:///tmp/podman-run-1000/podman/podman.sock 2>/dev/null &
export DOCKER_HOST=unix:///tmp/podman-run-1000/podman/podman.sock
lazytrivy --docker-host $DOCKER_HOST image

which shows me:


I request it scan uk.icr.io/sbu-pipeline/wgettest:1a and it errors:


I can see the following in: $HOME/.lazytrivy/logs/lazytrivy.log:

$ tail -f lazytrivy.log
2022-09-23T08:11:32.663Z        INFO    Please see also https://aquasecurity.github.io/trivy/v0.32/docs/secret/scanning/#recommendation for faster secret detection
2022-09-23T08:11:32.924Z        FATAL   image scan error: scan error: unable to initialize a scanner: unable to initialize a docker scanner: 4 errors occurred:
        * unable to inspect the image (uk.icr.io/sbu-pipeline/wgettest:1a): Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%!F(MISSING)var%!F(MISSING)run%!F(MISSING)docker.sock/v1.24/images/uk.icr.io/sbu-pipeline/wgettest:1a/json": dial unix /var/run/docker.sock: connect: permission denied
        * unable to initialize Podman client: no podman socket found: stat podman/podman.sock: no such file or directory
        * containerd socket not found: /run/containerd/containerd.sock
        * GET https://uk.icr.io/oauth/token?scope=repository%!A(MISSING)sbu-pipeline%!F(MISSING)wgettest%!A(MISSING)pull&service=registry: UNAUTHORIZED: The login credentials are not valid, or your IBM Cloud account is not active.; The login credentials are not valid, or your IBM Cloud account is not active.

2022-09-23T09:11:32+01:00       [INFO]  Error scanning image uk.icr.io/sbu-pipeline/wgettest:1a
2022-09-23T09:14:58+01:00       [INFO]  Refreshing images
2022-09-23T09:14:58+01:00       [INFO]  Selected: docker.io/library/alpine:3.16.1
2022-09-23T09:14:59+01:00       [INFO]  Selected: docker.io/library/hello-world:latest
2022-09-23T09:15:00+01:00       [INFO]  Selected: docker.io/library/ubuntu:20.04
2022-09-23T09:15:00+01:00       [INFO]  Selected: uk.icr.io/sbu-pipeline/wgettest:1
2022-09-23T09:15:00+01:00       [INFO]  Selected: uk.icr.io/sbu-pipeline/wgettest:1a

The image is local, and the socket is available. If I try a direct Trivy scan, it works:

$ trivy --debug image uk.icr.io/sbu-pipeline/wgettest:1a
2022-09-23T09:18:10.273+0100    DEBUG   Severities: ["UNKNOWN" "LOW" "MEDIUM" "HIGH" "CRITICAL"]
2022-09-23T09:18:10.275+0100    DEBUG   cache dir:  /home/matt/.cache/trivy
2022-09-23T09:18:10.276+0100    DEBUG   DB update was skipped because the local DB is the latest
2022-09-23T09:18:10.276+0100    DEBUG   DB Schema: 2, UpdatedAt: 2022-09-23 06:22:59.569742716 +0000 UTC, NextUpdate: 2022-09-23 12:22:59.569742416 +0000 UTC, DownloadedAt: 2022-09-23 08:06:28.2269616 +0000 UTC
2022-09-23T09:18:10.276+0100    INFO    Vulnerability scanning is enabled
2022-09-23T09:18:10.276+0100    DEBUG   Vulnerability type:  [os library]
2022-09-23T09:18:10.276+0100    INFO    Secret scanning is enabled
2022-09-23T09:18:10.276+0100    INFO    If your scanning is slow, please try '--security-checks vuln' to disable secret scanning
2022-09-23T09:18:10.276+0100    INFO    Please see also https://aquasecurity.github.io/trivy/v0.32/docs/secret/scanning/#recommendation for faster secret detection
2022-09-23T09:18:10.280+0100    DEBUG   No secret config detected: trivy-secret.yaml
2022-09-23T09:18:10.280+0100    DEBUG   Image ID: sha256:e947a3dfe6b615ca85f99768f70eb4eea2b9e64ddc3ea82b6f8272ba625bb602
2022-09-23T09:18:10.280+0100    DEBUG   Diff IDs: [sha256:b40ed86654e59e1012e1716d5384910f8c3bb58274b7b00fca564a53e9897ba3 sha256:e6001c332a2ff87834b4c610a2ccf201555e9fd135e217a3e50ca1cf279ff741]
2022-09-23T09:18:10.280+0100    DEBUG   Base Layers: [sha256:b40ed86654e59e1012e1716d5384910f8c3bb58274b7b00fca564a53e9897ba3]
2022-09-23T09:18:10.282+0100    INFO    Detected OS: ubuntu
2022-09-23T09:18:10.282+0100    INFO    Detecting Ubuntu vulnerabilities...
2022-09-23T09:18:10.282+0100    DEBUG   ubuntu: os version: 20.04
2022-09-23T09:18:10.282+0100    DEBUG   ubuntu: the number of packages: 95
2022-09-23T09:18:10.283+0100    INFO    Number of language-specific files: 0

uk.icr.io/sbu-pipeline/wgettest:1a (ubuntu 20.04)

Total: 22 (UNKNOWN: 0, LOW: 19, MEDIUM: 3, HIGH: 0, CRITICAL: 0)

To test lazytrivy works, I see if it can scan the docker.io/library/ubuntu:20.04 image I have locally and it does:


Expected behavior
I expect lazytrivy to be able to scan uk.icr.io/sbu-pipeline/wgettest:1a which I have locally on my machine.

Screenshots
(see above)

Desktop (please complete the following information):

  • OS: Ubuntu 22.04 on WSL2 on Windows 11
